Better Rand() Algorithim

[Ben Justice]

For a program in c, I need some random numbers for a system were people are
placing bets. This is not a commerical project btw. Generally, I tend to
rely on things from the standard library, because they're written by people
with skills far above mine. Hence, I've always used rand() and FALSELY
assumed it could produce unpredictable random numbers and could be used in
many situations even if security was an issue.

Firstly, lets assume for the moment I have a way to get a random and
unpredictable seed for a pseudo random number generator. Then is it
possible to get a reasonably secure shuffle in which the user cannot
predict all the players cards after seeing the first five or so in the
series?

Secondly, Is there a reasonable method for determing an unpredictatble
seed? I understand seeding from the timer is unsecure.

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

TIA Bj

 

[Irrwahn Grausewitz]

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

Try: http://www.cs.wm.edu/~va/software/park/park.html

(I couldn't find any licensing information there, but it turned
out to be research code, not commercial code.)

Or just get started with:

http://www.google.com/search?q=random+number+generators

Regards,

Irrwahn

 

[Thomas Matthews]

For a program in c, I need some random numbers for a system were people are
placing bets. This is not a commerical project btw. Generally, I tend to
rely on things from the standard library, because they're written by people
with skills far above mine. Hence, I've always used rand() and FALSELY
assumed it could produce unpredictable random numbers and could be used in
many situations even if security was an issue.

Firstly, lets assume for the moment I have a way to get a random and
unpredictable seed for a pseudo random number generator. Then is it
possible to get a reasonably secure shuffle in which the user cannot
predict all the players cards after seeing the first five or so in the
series?

Secondly, Is there a reasonable method for determing an unpredictatble
seed? I understand seeding from the timer is unsecure.

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

TIA Bj

I think you should search this newsgroup for "random"
rather than starting a whole new discussion.

--
Thomas Matthews

C++ newsgroup welcome message:
http://www.slack.net/~shiva/welcome.txt
C++ Faq: http://www.parashift.com/c++-faq-lite
C Faq: http://www.eskimo.com/~scs/c-faq/top.html
alt.comp.lang.learn.c-c++ faq:
http://www.raos.demon.uk/acllc-c++/faq.html
Other sites:
http://www.josuttis.com -- C++ STL Library book

 

[Richard Heathfield]

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

Google for "Mersenne Twister".

 

[Malcolm]

Firstly, lets assume for the moment I have a way to get a random and
unpredictable seed for a pseudo random number generator. Then is it
possible to get a reasonably secure shuffle in which the user cannot
predict all the players cards after seeing the first five or so in the
series?

void memshuffle(void *ptr, int N, size_t size)
{
unsigned char *hck = ptr;
int i;

for(i=0;i<N;i++)
memswap(hck + size * i, hck + size * (rand() % N), size);
}

Secondly, Is there a reasonable method for determing an
unpredictatble seed? I understand seeding from the timer is unsecure.

Reading from the timer is the normal way of obtaining a seed. It might not
be secure enough if money is involved and hackers might have access to your
program.
If you have a large supply of random seeds, you might as well just use the
seeds and not bother with a pseudo rng.
You can time the interval between two keypresses - however that method is
also open to exploits. You can use the mouse position, but again a clever
hacker might exploit this.

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

Yes, lots and lots. Lookup "rand" and "random number algorithm" in any
search engine.

 

[Steve Zimmerman]

For a program in c, I need some random numbers for a system were people are
placing bets. This is not a commerical project btw. Generally, I tend to
rely on things from the standard library, because they're written by people
with skills far above mine. Hence, I've always used rand() and FALSELY
assumed it could produce unpredictable random numbers and could be used in
many situations even if security was an issue.

Firstly, lets assume for the moment I have a way to get a random and
unpredictable seed for a pseudo random number generator. Then is it
possible to get a reasonably secure shuffle in which the user cannot
predict all the players cards after seeing the first five or so in the
series?

Secondly, Is there a reasonable method for determing an unpredictatble
seed? I understand seeding from the timer is unsecure.

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

TIA Bj

Ben,

Thank you for your post.

I do not know if this is a reliable shuffle or not. Others will
be able to advise you on that better than I.

--Steve

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>

char *card[52];

void intro(void);
void create_deck(void);
void shuffle(void);
void deal(void);

int main()
{
char choice;

srand(time(0));
intro();
create_deck();
shuffle();

while (1) {
scanf("%c", &choice);
if (choice == ' ')
deal();
if (choice == 'Q' || choice == 'q')
exit(1);
}

return 0;
}

void intro(void)
{
printf("\n\n"
"Press <spacebar><enter> to deal 52 cards\n"
"Press Control-c or <q><enter> to terminate.\n\n");
}

void create_deck(void)
{
const char *rank[] = {"A", "2", "3", "4", "5",
"6", "7", "8", "9", "T", /* T for ten */
"J", "Q", "K"};

const char *suit[] = {"c", "d", "h", "s"};

int i = 0, j = 0;

for (i = 0; i < 13; i++)
for (j = 0; j < 4; j++) {
card[(j * 13) + i] = malloc(18);
sprintf(card[(j * 13) + i], "%s%s", rank, suit[j]);
}
}

void shuffle(void)
{
int i;
int r;
char *temp;

for (i = 0; i < 52; i++) {
r = rand() % 52;
temp = card;
card = card[r];
card[r] = temp;
}
}

void deal(void)
{
int i;

for (i = 0; i < 52; i++) {
if ((i % 13) == 0)
printf("\n");
printf("%s ", card);
}

shuffle();

printf("\n\n\n");
}

 

[Arthur J. O'Dwyer]

http://www.google.com/search?q=shuffling+algorithms

http://www.google.com/search?q=good+seeds+for+random+number+generators

http://www.google.com/search?q=good+random+number+generators


Ben,

Thank you for your post.

I do not know if this is a reliable shuffle or not. Others will
be able to advise you on that better than I.

--Steve

Okay, Steve, I hate to say it, but your incessant posts are getting
very slightly on my nerves. I can't speak for anyone else, nor
can I do anything about it, and I know that at least you're getting
some pretty good practice at writing C code, but still... If you
don't know whether a solution is correct or not, *please* try looking
for the answer in the archives or on the Web *before* posting!

The below program is incorrect, and contains a lot of extraneous
material that can only confuse or annoy the OP. Even in answers,
please post the smallest complete program that exhibits the
solution.

-Arthur

#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <string.h>

char *card[52];

void intro(void);
void create_deck(void);
void shuffle(void);
void deal(void);

int main()
{
char choice;

srand(time(0));

Missing cast.

intro();
create_deck();
shuffle();

while (1) {
scanf("%c", &choice);

Missing checks for end-of-input.

if (choice == ' ')
deal();
if (choice == 'Q' || choice == 'q')
exit(1);

Non-portable argument to exit().

}

return 0;
}

void intro(void)
{
printf("\n\n"
"Press <spacebar><enter> to deal 52 cards\n"
"Press Control-c or <q><enter> to terminate.\n\n");
}

void create_deck(void)
{
const char *rank[] = {"A", "2", "3", "4", "5",
"6", "7", "8", "9", "T", /* T for ten */
"J", "Q", "K"};

const char *suit[] = {"c", "d", "h", "s"};

int i = 0, j = 0;

for (i = 0; i < 13; i++)
for (j = 0; j < 4; j++) {
card[(j * 13) + i] = malloc(18);

Why 18? 3 is plenty.

sprintf(card[(j * 13) + i], "%s%s", rank, suit[j]);
}
}

void shuffle(void)
{
int i;
int r;
char *temp;

for (i = 0; i < 52; i++) {
r = rand() % 52;
temp = card;
card = card[r];
card[r] = temp;
}

It's trivially easy to show that this algorithm doesn't work.
(In fact, Google tells me that the 'mode' of this distribution
is the original permutation itself -- that is, this "shuffle"
will not do *anything* more often than it will produce any
other particular ordering!)

}

void deal(void)
{
int i;

for (i = 0; i < 52; i++) {
if ((i % 13) == 0)
printf("\n");
printf("%s ", card);
}

shuffle();

printf("\n\n\n");
}

 

[Nick]

Okay, Steve, I hate to say it, but your incessant posts are getting
very slightly on my nerves. I can't speak for anyone else, nor
can I do anything about it, and I know that at least you're getting
some pretty good practice at writing C code, but still... If you
don't know whether a solution is correct or not, *please* try looking
for the answer in the archives or on the Web *before* posting!

The below program is incorrect, and contains a lot of extraneous
material that can only confuse or annoy the OP. Even in answers,
please post the smallest complete program that exhibits the
solution.

-Arthur

Ok, I think this is a little harsh. I have seen no hostile action from
Steve in this group, and, even if his posts seem overmuch sometimes, the
purpose of this group is to help people learn. Programmers make
mistakes; beginners and even intermediates make lots o' mistakes. Show
someone the problem enough times, and they'll eventually start seeing
the errors.

Lurker out.

 

[Carsten Hansen]

For a program in c, I need some random numbers for a system were people are
placing bets. This is not a commerical project btw. Generally, I tend to
rely on things from the standard library, because they're written by people
with skills far above mine. Hence, I've always used rand() and FALSELY
assumed it could produce unpredictable random numbers and could be used in
many situations even if security was an issue.

Firstly, lets assume for the moment I have a way to get a random and
unpredictable seed for a pseudo random number generator. Then is it
possible to get a reasonably secure shuffle in which the user cannot
predict all the players cards after seeing the first five or so in the
series?

Secondly, Is there a reasonable method for determing an unpredictatble
seed? I understand seeding from the timer is unsecure.

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

TIA Bj

Your compiler's rand may have weaknesses. The question is, when properly
seeded, can a would-be attacker exploit the weaknesses without doing an
exhaustive search. If an exhaustive search is needed, then no other random
number generator with the same size seed would be any better.
Below is a simple program. It shuffles a deck card of card, and then deals
the first 50 cards face up. Your challenge is to guess the 51st card. A
priori you have a 50% chance. Can you with the knowledge of rand and the
code used by the program, but not the seed, develop an algorithm for winning
every time? What if rand is only re-seeded every fifth shuffle?
The program is seeded with time(0) which is not secure. I did that so that
the program is portable and functional. If your compiler supports assembly
and you are running on an x86, you can try to turn on the code that reads
the lower 32 bits of the timing register of the CPU. Because this register
is update at very high frequency, it appears to me to be a good source of
entropy for the random number generator.

Carsten Hansen

#include <stdlib.h>
#include <time.h>
#include <stdio.h>

#define deck_size 52

void shuffle(int* begin, int* end)
{
while (begin != end)
{
int n = (int) (end - begin);
int d = rand() % n;
int temp = *(begin + d);
*(begin + d) = *--end;
*end = temp;
}
}

int main()
{
int i;
int x;
int next_card;
int deck[deck_size];
unsigned int seed;

for (i = 0; i < deck_size; ++i)
deck = i;

printf("Guess the next card! (Control-C to exit)\n\n");

for (;
{
#if 1
seed = (unsigned int) time(0);
#else
__asm {
RDTSC
MOV seed,eax
}
#endif
/*printf("Seed = 0x%08X\n", seed);*/

srand(seed);
shuffle(deck, deck + deck_size);

for (i = 0; i < deck_size - 2
{
printf("%4d", deck);
++i;
if (i % 10 == 0)
printf("\n");
}

x = (rand() > (RAND_MAX / 2)) ? 1 : 0;

printf("{%d, %d}: ", deck[50 + x], deck[50 + (1 - x)]);
scanf("%d", &next_card);
printf("%s", (next_card == deck[50]) ? "Right: " : "Wrong: ");
printf("%d %d\n", deck[50], deck[51]);
}

return 0;
}

 

[pete]

Ben Justice wrote:

Finally, is there a better rand() facsimile
in which the source code is
available in the public domain? One which would suit my needs.

http://groups.google.com/[email protected]

 

[Richard Heathfield]

void memshuffle(void *ptr, int N, size_t size)

Invasion of implementation namespace.

memswap(hck + size * i, hck + size * (rand() % N), size);

And again.

 

[Scott Nelson]

For a program in c, I need some random numbers for a system were people are
placing bets. This is not a commerical project btw. Generally, I tend to
rely on things from the standard library, because they're written by people
with skills far above mine. Hence, I've always used rand() and FALSELY
assumed it could produce unpredictable random numbers and could be used in
many situations even if security was an issue.

Firstly, lets assume for the moment I have a way to get a random and
unpredictable seed for a pseudo random number generator. Then is it
possible to get a reasonably secure shuffle in which the user cannot
predict all the players cards after seeing the first five or so in the
series?

Yes.
For your purposes, the easiest is probably to get a copy of
MD5 or SHA1 in C.
Grab a unsigned long sized chunk of the output
and reduce with something like this.


#define RAND_MAX_COMBO ((unsigned long) 4294967295)

/*
range

returns a number between 0 and N-1

*/

int range(int n) {
unsigned long div;
int r;

div = RAND_MAX_COMBO/n;

do {
r = rand_combo() / div;
} while (r >= n);

return r;
}

(replace the rand_combo() function with your md5/sha1 function)

Keep the output, and feed it (plus the time and any other
information you can get easily)
back into the function the next time it's called.

Secondly, Is there a reasonable method for determing an unpredictatble
seed? I understand seeding from the timer is unsecure.

Maybe.
A quick and dirty approach is to time keystrokes as accurately as you
can, then take the resultant time value and hash it.
http://www.helsbreth.org/random/keyrand.html
has some example DOS code that's in the public domain.

That assumes of course, that you have a reasonable approximation
of kbhit(), which you don't if you're running, say, Linux.

Fortunately, most 'nix systems have /dev/urandom (and /dev/random,
but don't use that) so there's no need to reinvent the wheel -

drfp = fopen("/dev/urandom", "r");
fread(&unsigned_long_value, sizeof(unsigned long), 1, drfp);
fclose(drfp);

will get you a crypto quality unsigned long.

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

TIA Bj

Lots.

http://www.helsbreth.org/random/shuffle.html
has one example of a pseudo random number generator suitable for
most purposes, but it wouldn't work very well for you,
because you need a generator which is unpredictable. (crypto-secure)

Google and you can find thousands more.

Scott Nelson <[email protected]>

 

[Gordon Burditt]

For a program in c, I need some random numbers for a system were people are

placing bets.

If it's for real money, people will go to great effort to break
your system. Some people with time on their hands may do so anyway
even if it's not for real money (think about fraterity pranks).

This is not a commerical project btw. Generally, I tend to
rely on things from the standard library, because they're written by people
with skills far above mine. Hence, I've always used rand() and FALSELY
assumed it could produce unpredictable random numbers and could be used in
many situations even if security was an issue.

If you assume things where security is an issue, you're going to
get burned. Just watch what happens to Homeland Security: they
decided to use a Microsoft OS on the desktop, since it's obviously
safe against worms and viruses.

Firstly, lets assume for the moment I have a way to get a random and
unpredictable seed for a pseudo random number generator. Then is it
possible to get a reasonably secure shuffle in which the user cannot
predict all the players cards after seeing the first five or so in the
series?

There are 52! possible orders of a shuffled deck of cards. That
requires at least 226 bits of random, unpredictable seed. And your
replacement rand() function needs to actually use that many bits.
The requirements may be less if, for example, you are dealing poker
hands and the order of dealing the cards is not exposed.

Secondly, Is there a reasonable method for determing an unpredictatble
seed? I understand seeding from the timer is unsecure.

Well, maybe you could use an MD5 hash (128 bits) of the stock market
pages of the Wall Street Journal concatenated with a MD5 hash of
the front page of the New York Times (that gets you 256 bits, total).
Of course, you can only do this on days the stock market is open,
once each day. And it requires a lot of data entry. And you'd have
to either keep secret where you're getting your random data, or get
your copies of the papers before anyone else does.

Finally, is there a better rand() facsimile in which the source code is
available in the public domain? One which would suit my needs.

The BSD random() function might qualify. It can be used with enough
state bits. The source code is not public domain but the BSD
license is fairly liberal. See, for example, a FreeBSD source
distribution.

Gordon L. Burditt

 

[Gordon Burditt]

Your compiler's rand may have weaknesses. The question is, when properly

seeded, can a would-be attacker exploit the weaknesses without doing an
exhaustive search. If an exhaustive search is needed, then no other random
number generator with the same size seed would be any better.

And 32 bits is nowhere near enough to shuffle a deck of 52 cards.
You need at least 226 bits (log base 2(52!) = 225.581 bits) of
random seed for a random shuffle.

Below is a simple program. It shuffles a deck card of card, and then deals
the first 50 cards face up. Your challenge is to guess the 51st card. A
priori you have a 50% chance. Can you with the knowledge of rand and the
code used by the program, but not the seed, develop an algorithm for winning
every time?

Ok, here's the algorithm, brute force (takes a heck of a lot of
memory, or speed, or both): list all the sequences generated by a
32-bit seed. Eliminate all those that don't begin with the first
few cards you do see. Pick one of the sequences that's left if
there's more than one, otherwise, pick the one sequence. If *NO*
sequence matches, someone's cheating.

Let's try it a bit differently. Deal out the first *SEVEN* cards
face up, and the rest face down. Apply the above algorithm. There
is less than a 1% chance you have more than 1 choice of sequences.
(log base 2 ( 52*51*50*49*48*47) = 39.29 bits. Subtract 32 bits
for the number of seeds. 7.27 bits gives about 156 possible sequences
of 7 cards per seed, so if rand() mixes up the numbers well, the
chances of hitting 2 seeds that produce the same sequence of 7 cards
is about 1/156.) And you can 99% of the time guess ALL of the rest
of the cards ...

With *SIX* cards face up you have about a 70% chance of being able
to guess *ALL* of the rest of the cards.

What if rand is only re-seeded every fifth shuffle?

I have to deal with 5 sets of sequences, if I don't know what shuffle
the current one is. Ok, now I have a 95% chance of guessing ALL
the rest of the cards from the first seven - and then I'll know
which shuffle you are on and what seed you are using. If you
aren't going to reseed next time, if I guessed right on this
first shuffle, I'll get all the others 100% certain until you reseed.

The program is seeded with time(0) which is not secure. I did that so that
the program is portable and functional. If your compiler supports assembly
and you are running on an x86, you can try to turn on the code that reads
the lower 32 bits of the timing register of the CPU. Because this register
is update at very high frequency, it appears to me to be a good source of
entropy for the random number generator.

32 bits is not enough. You'll need a MUCH faster processor to make
using the bottom 226 bits of the timer register practical (that is,
counts through all 226 bits and finishes before man is extinct).

Gordon L. Burditt

 

[Scott Nelson]

[snip happens]

There are 52! possible orders of a shuffled deck of cards. That
requires at least 226 bits of random, unpredictable seed. And your
replacement rand() function needs to actually use that many bits.
The requirements may be less if, for example, you are dealing poker
hands and the order of dealing the cards is not exposed.

Suppose just for arguments sake that you used 64 bit PRNG.
Now use it to shuffle a deck and look at the top five cards.
Even though you can eliminate over 99.9999% of the possible
shuffles, you still have over a billion possible shuffles left.

With 128 bits, even examining the top 15 cards leaves
more possibilities than can reasonably be enumerated in
the span of a poker hand.

If instead of a PRNG, we use a CSPRNG, then even knowing
all the cards, you still can't determine the internal
state of the CSPRNG. Sure, you can do it /in theory/
but in practice there's just not enough compute power in
the world.



Scott Nelson <[email protected]>

 

[John E. Hadstate]

For a program in c, I need some random numbers for a system were people are
placing bets. This is not a commerical project btw. Generally, I tend to
rely on things from the standard library, because they're written by people
with skills far above mine. Hence, I've always used rand() and FALSELY
assumed it could produce unpredictable random numbers and could be used in
many situations even if security was an issue.

The typical rand() function from the C RTL belongs to a class called "Linear
Congruential" PRNGs. LCPRNGs are predictable with just a few consecutive
examples, but that's not their worst problem. To see what's really wrong
with them, right a quick-and-dirty program to print out 10 or 15 rand()
outputs as strings of bits. Look closely at the least significant bit of
each output. Do you see a pattern? Now look at the next LSB. Notice
anything?

The bits of a LCPRNG appear more random as you move toward the MSB. Thus,
all those programmers who code (rand() & 1) are shooting themselves in the
foot. If you must use rand(), use the MSB!

 

[Carsten Hansen]

And 32 bits is nowhere near enough to shuffle a deck of 52 cards.
You need at least 226 bits (log base 2(52!) = 225.581 bits) of
random seed for a random shuffle.


Ok, here's the algorithm, brute force (takes a heck of a lot of
memory, or speed, or both): list all the sequences generated by a
32-bit seed. Eliminate all those that don't begin with the first
few cards you do see. Pick one of the sequences that's left if
there's more than one, otherwise, pick the one sequence. If *NO*
sequence matches, someone's cheating.

Let's try it a bit differently. Deal out the first *SEVEN* cards
face up, and the rest face down. Apply the above algorithm. There
is less than a 1% chance you have more than 1 choice of sequences.
(log base 2 ( 52*51*50*49*48*47) = 39.29 bits. Subtract 32 bits
for the number of seeds. 7.27 bits gives about 156 possible sequences
of 7 cards per seed, so if rand() mixes up the numbers well, the
chances of hitting 2 seeds that produce the same sequence of 7 cards
is about 1/156.) And you can 99% of the time guess ALL of the rest
of the cards ...

With *SIX* cards face up you have about a 70% chance of being able
to guess *ALL* of the rest of the cards.


I have to deal with 5 sets of sequences, if I don't know what shuffle
the current one is. Ok, now I have a 95% chance of guessing ALL
the rest of the cards from the first seven - and then I'll know
which shuffle you are on and what seed you are using. If you
aren't going to reseed next time, if I guessed right on this
first shuffle, I'll get all the others 100% certain until you reseed.


32 bits is not enough. You'll need a MUCH faster processor to make
using the bottom 226 bits of the timer register practical (that is,
counts through all 226 bits and finishes before man is extinct).

Gordon L. Burditt

I agree with most of what you are writing. But we disagree on the importance
(in terms of security).
The point that I was trying to make was that you have to analyze where your
system is vulnerable to an attack.
You have correctly identified that for the code that I posted, it lies in
having only 32-bits of entropy for the seed. This makes an exhaustive search
possible. Using the Mersenne Twister with a 32-bits seed would have made no
difference.

So, it is not the design of the random number generator which is the problem
here.

Exhaustive search of 2**32 (approx. 4 billion) is doable on today's
computers. If you only show the first 5 cards face up, for each possibility
you would have to do at least 48 calls to rand + 48 mod operations. Now we
are taking it out of doing it real time. This would probably be safe for
non-commercial use, which is a what the OP was talking about.

For commercial use I would use two 32-bits seeds. Only a tiny, tiny subset
of all shuffles would be possible. After all 64 is smaller than 226. But you
can't do an exhaustive search of 2**64 possibilities. If you do 3 billion
instructions per second, and each search takes just one instructions, it
would take more than 200 years. That is sufficient for practical security.
Use the first 32-bits seed to determine the initial order of the cards
(based on rank). The second 32-bits seed you use as before.

Computer security is based on things being infeasible, not on things being
impossible. E.g., some security systems are based on it being infeasible to
factor the product of two big primes (say 120 digits each). We of course all
know a simple algorithm for doing factorization.

Carsten Hansen

 

[Alex]

Ok, I think this is a little harsh. I have seen no hostile action from
Steve in this group, and, even if his posts seem overmuch sometimes, the
purpose of this group is to help people learn. Programmers make
mistakes; beginners and even intermediates make lots o' mistakes. Show
someone the problem enough times, and they'll eventually start seeing
the errors.

I agree with Arthur. I think that it is much more appropriate to get
this kind of practice in:

alt.comp.lang.learn.c-c++

Steve: Not that we don't like you, but indeterminate answers tend
to to confuse those who are learning. If you wish your code to be
examined here, then post it separately and note the things that you
are unsure of.

Alex

 

[pete]

Invasion of implementation namespace.
mem_shuffle()


And again.

mem_swap()

 

[Kevin Easton]

Exhaustive search of 2**32 (approx. 4 billion) is doable on today's
computers. If you only show the first 5 cards face up, for each possibility
you would have to do at least 48 calls to rand + 48 mod operations. Now we
are taking it out of doing it real time. This would probably be safe for
non-commercial use, which is a what the OP was talking about.

For commercial use I would use two 32-bits seeds. Only a tiny, tiny subset
of all shuffles would be possible. After all 64 is smaller than 226. But you
can't do an exhaustive search of 2**64 possibilities. If you do 3 billion
instructions per second, and each search takes just one instructions, it
would take more than 200 years. That is sufficient for practical security.
Use the first 32-bits seed to determine the initial order of the cards
(based on rank). The second 32-bits seed you use as before.

I agree that it is secure, but it isn't the game of poker (or blackjack,
or whatever) - in the true game of poker all shuffles are possible, but
in this version with a 64 bit seed that's not the case. I also agree
that it's a game statistically indistinguishable from poker (from the
point of view of the player - he would have to play the game an
unfeasible number of times in order to show that it's likely that only a
small subset of shuffles are possible), but "a game statistically
indistinguishable from poker" and "poker" are still two different
things.

- Kevin.